Top tips for protecting your business online (updated) Feb 14
•Transferir como PPTX, PDF•
0 gostou•810 visualizações
You know you should be using more online business services in ‘the Cloud’ but you’re worried about being cyber-scammed? This presentation provides you with the top tips of protecting your online business operations through a few simple and effective cyber-safety steps.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Destaque
Semelhante a Top tips for protecting your business online (updated) Feb 14
Semelhante a Top tips for protecting your business online (updated) Feb 14 (20)
Mais de Vanguard Visions
Mais de Vanguard Visions (20)
Último
Último (20)
Top tips for protecting your business online (updated) Feb 14
- 1. Modbury & Salisbury Top tips for protecting your business online Allison Miller, Vanguard Visions Consulting
- 2. You’ll find these slides at: slideshare.net/vanguardvisions
- 3. Session Overview • Why protect your business online? • Why is now a good time to be doing business online? • Top tips for protecting your business online • Online cyber-smart business assessment • What will you investigate? • Workshop evaluation
- 4. Why protect your business online?
- 5. Why protect your business online? • More business is being done in ‘the Cloud’ • Privacy obligations • Maintain reputation / trust • Protect virtual assets (data) • Multiple users of the one device Image: IC3 and Computer Use and Safety - http://en.wikiversity.org/wiki/IC3/Computer_Use_and_Safety
- 6. What is the “Cloud”?
- 7. Cloud Computing aka “the Cloud” Image: http://en.wikipedia.org/wiki/Cloud_computing
- 8. Types of Cloud Services Image: 'What Type of Cloud?: Private, Public or+Hybrid?' - http://www.flickr.com/photos/26072489@N08/5332731617
- 9. Some Examples of Public Cloud Services
- 10. Some Examples of Private Cloud Services
- 11. A few ways of using the Cloud 1. Software as a Service (SAAS) – – – – Email and Word processing Accounting system Human Resource/Project Management Customer Service Management (CRM) 2. Platform as a service (PaaS) – Operating Systems – Web services – Development Platforms 3. Infrastructure as a service (IaaS) – Data storage – Processing power – Server virtualisation Source: http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031
- 12. Why use the Cloud? Pros: • • • • • • • • • Anytime, anywhere, any device Quickly ‘scale up’ Stronger security External (backup) storage services Reduced license costs Outsource ICT services Collaboration Synchronisation Greener computing Image: „Open Sky‟ by Vanguard Visions Consulting - http://www.flickr.com/photos/77018488@N03/8496879398
- 13. Why is now a good time to do business online?
- 14. Top five industries to fly in 2013-14 in Australia Source: Ibis World (July 2013) – http://www.ibisworld.com.au/media/2013/07/10/52/
- 15. Internet is a game changer Source: Deloitte Access Economics Pty Ltd (2013) – http://www.deloitte.com/view/en_AU/au/services/financial-advisory/deloitte-accesseconomics/05660fd56ab1e310VgnVCM1000003256f70aRCRD.htm
- 16. But what are some of the risks on doing more business online?
- 17. Possible threats to your business General Threats • Hardware and software failure • Malware • Viruses • Spam, scams and phishing • Human error Criminal Threats • Hackers • Fraud • Password theft • Denial of service • Security breaches • Staff dishonesty Natural disasters • Fire • Floods Tips from Queensland Government‟s Business and Industry Portal http://www.business.qld.gov.au/business/starting/business-startup-options/business-online-basics/online-security-fraud
- 18. Australian Department of Defence, Intelligence and Security, Oct 2013 Source: Strategies to Mitigate Targeted Cyber Intrusions - http://www.asd.gov.au/infosec/top35mitigationstrategies.htm
- 19. Top tips for protecting your business online
- 20. Tips from Stay Smart Online http://www.staysmartonline.gov.au/business
- 21. Tips from Stay Smart Online http://www.staysmartonline.gov.au/business Image: Hard Disk Drive - http://en.wikipedia.org/wiki/Hard_disk_drive ; Iomega external hard disk drive - http://commons.wikimedia.org/wiki/File:Iomega_external_hard_disk_drive_%28cut%29.JPG
- 22. Develop a back-up strategy 1. Assess your level of risk and identify actions to minimise 2. What data needs to be backed up and how often 3. Select an appropriate back-up device/location 4. Set reminds to do your back-ups 5. Test that you can use your backed up data 6. Store backed up data away from its original source Tips from Stay Smart Online http://www.staysmartonline.gov.au/business
- 23. Tips from Stay Smart Online http://www.staysmartonline.gov.au/business Image: Master lock with root password - http://commons.wikimedia.org/wiki/File:Master_lock_with_root_password.jpg
- 24. Importance of Passwords Password length 6 7 8 9 10 11 12 20 Time taken 2 seconds 3 minutes 5.5 hours 3 weeks 5.4 years 515 years 48 millennia 324 billion billion years Source: Stay Smart Online Alert Service 23 Oct 2013 - http://www.staysmartonline.gov.au/alert_service/alerts/how_strong_is_your_password_sso_alert_priority_low
- 25. Creating strong passwords Your password Strengthening your password Snow-storm 0214-Favourite Red-leather-yellowleather Allison-Miller 5n0w-5t0rm 0214-Fav0ur1te Red-le8ther-Yellow-le8ther 8ll1son-M1ller Source: Stay Smart Online Alert Service 23 Oct 2013 - http://www.staysmartonline.gov.au/alert_service/alerts/how_strong_is_your_password_sso_alert_priority_low
- 26. Tips from Stay Smart Online http://www.staysmartonline.gov.au/business Image: purple Slog: “Information Security Wordle” http://www.flickr.com/photos/purpleslog/2870445268/
- 27. Computer/Internet Security Policy 1. Acceptable use 2. Handling sensitive data 3. Securing and handling equipment 4. Using internet safely 5. Remote access 6. Web browser setting Tips from Stay Smart Online http://www.staysmartonline.gov.au/business
- 28. Tips from Stay Smart Online http://www.staysmartonline.gov.au/business Image: Tactical Technology Collective “Title Screen” - http://www.flickr.com/photos/ttc_press/5007644722/
- 29. Tips from Stay Smart Online http://www.staysmartonline.gov.au/business Image: Frederick Hermann - Just like the Nest with a more connected world all the devices need software updates now. Your TV, DVD player, watch, thermostat etc didn't used to ask for constant
- 30. Tips from Stay Smart Online http://www.staysmartonline.gov.au/business
- 31. Tips from Stay Smart Online http://www.staysmartonline.gov.au/business Image: Virtual Private Network - http://en.wikipedia.org/wiki/Virtual_private_network
- 32. Tips from Stay Smart Online http://www.staysmartonline.gov.au/business Imagine: e-commerce - http://commons.wikimedia.org/wiki/File:E-commerce.jpg
- 33. Create a secure online presence 1. Secure socket layer (SSL) technology 2. Encrypted financial transaction data 3. Update to latest (tested) version 4. Routine back-ups Tips from Queensland Government‟s Business and Industry Portal http://www.business.qld.gov.au/business/starting/business-startup-options/business-online-basics/online-security-fraud
- 34. staysmartonline.gov.au/alert_service Tips from Stay Smart Online http://www.staysmartonline.gov.au/business
- 35. Do the cyber-smart business assessment staysmartonline.gov.au/business/home_based_businesses/questionnaire
- 36. Key points to remember 1. Have good network security 2. Protect your computer and information 3. Protect and use mobile devices safely 4. Transact securely online 5. Back up and protect data. Tips from Queensland Government‟s Business and Industry Portal http://www.business.qld.gov.au/business/starting/business-startup-options/business-online-basics/online-security-fraud
- 37. What will you investigate further?
- 39. Want to know more? More info: digitalcapability.com.au Register for eUpdates: bit.ly/digitalcapability Follow on: Twitter - twitter.com/digitalcapabili Facebook - facebook.com/digitalcapability LinkedIn - bit.ly/DCLinkedIN Google+ - bit.ly/DCGoogleplus Pinterest - pinterest.com/vanguardvisions
- 40. Allison Miller 0400 732 270 allison@vanguardvisions.com.au vanguardvisionsconsulting.com.au vanguardvisionsconsulting.com.au
Notas do Editor
- Introduce yourself– Elearningebusiness eportfolio consultancyWork with prominent universities, VET providers and schoolsWorkshops / Webinars for ACPET, Training Development Centre (TDC), QVDC, VELG Training, Wendy Perry & AssociatesiPads /laptopsWifiSurvey at end
- Raise your hand if you think protecting your business online is important?Discuss with the group:Ask everyone “Why is protecting your business online important?”
- Why protect your business online?:More and more business are doing business online, whether thats selling or paying employees/creditors so the risk of a cyber-attack is on the riseYour business has legal obligations which govern how you must manage your customer’s information to ensure privacyAn online security breach (credit card scam, access to people’s private information) could impact your business’s reputation and/or your relationship with your customers as they will lose trust in your businessYou need to protect your business’s virtual assets the same as you would your tangible assets – that is the data and information being stored on your devices/serversOften in small/home-based businesses computer/devices are share with their family, So it is very important that you make sure you put in place effective security process, and that you and your staff (and your family) are using the internet in a safe and secure way.
- Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from the use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts remote services with a user's data, software and computation.(http://en.wikipedia.org/wiki/Cloud_computing)
- There are three types of cloud servicesPublic - services which are accessed over a network that are open for public use.Private – services operated for a single organisation Hybrid - a combine of private and public eg public cloud storage plus an organisation privately ‘rents’ components of the Cloud infrastructure
- 1. SaaSThis type of cloud computing delivers software applications through a browser to thousands of customers using a multitenant architecture. This means no upfront investment in servers or software licensing. EgSaaS"desktop" applications include Google Docs and Zoho Office2. Utility computingThisoffers online storage and virtual servers which you can access on demand. Useful for supplemental, non-mission-critical needs, and could replace parts of your computer storage needs. Eg Google Drive or Dropbox3. Platform as a serviceAnother SaaS variation, this form of cloud computing delivers development environments as a service. You build your own applications that run on the provider's infrastructure and are delivered to your users via the Internet from the provider's servers. These services are constrained by the vendor's design and capabilities, so you don't get complete freedom, but you do get predictability and pre-integration. 4. Other cloud servicesLike all ‘as a service’ (aaS) services, these other services are based on the concept that the product can be provided on demand to the user regardless of their geographic or organisational separation of provider and theconsumer.Source: http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031http://en.wikipedia.org/wiki/Cloud_computing
- Stronger security – latest updates, integrated management (SSO), better backup and recovery
- Discuss with the group:“Why is now a good time to doing more business online?”
- We are seeing more and more people turning to the web to shop, study and search for information about products and services.Online shopping and internet publishing/broadcasting are among the top five industries predicted to grow by over 10% in the 2013-14 financial year, and beyond.This shows that consumer confidence and access is rising.
- The internet is a game changer, with a number of industries significantly changing or being ‘broken’, for example :Music industry being changed by ‘peer to peer’ file sharing which significantly impacted the number of retail musiceBooks means that we are seeing less and less bookstoresMurdoch can’t dump his newspaper shares quick enough as it’s a dying industryPlaces like Harvey Norman, Myer etc are feeling the impact of online shoppingDeloitte Access Economics (NBN Business Readiness Survey) is predicting that:One third of business are significantly being impacted by the internet now, with nearly 5 out of 10 businesses feeling some impact (32% + 17%) on the short fuseWhere does your business sit on this quadrant?What digital disruption are you experiencing?
- General IT threatsGeneral threats to IT systems and data include:hardware and software failure - such as power loss or data corruptionmalware - malicious software designed to disrupt computer operationviruses - computer code that can copy itself and spread from one computer to another, often disrupting computer operationsspam, scams and phishing - unsolicited email that seeks to fool people into revealing personal details or buying fraudulent goodshuman error - incorrect data processing, careless data disposal, or accidental opening of infected email attachments.Read more about email scams, viruses, hackers, and other IT threats.Criminal IT threatsSpecific or targeted criminal threats to IT systems and data include:hackers - people who illegally break into computer systemsfraud - using a computer to alter data for illegal benefitpasswords theft - often a target for malicious hackersdenial-of-service - online attacks that prevent website access for authorised userssecurity breaches - includes physical break-ins as well as online intrusionstaff dishonesty - theft of data or sensitive information, such as customer details.Learn more about online crimes against business.Natural disasters and IT systemsNatural disasters such as fire, cyclone and floods also present risks to IT systems, data and infrastructure. Damage to buildings and computer hardware can result in loss or corruption of customer records/transactions.Source: http://www.business.qld.gov.au/business/running/risk-management/information-technology-risk-management/information-technology-risk
- At least 85% of the targeted cyber intrusions that the Australian Signals Directorate (ASD, formerly DSD) responds to could be prevented by following the following simple tips for protecting your business online.
- Install security software that includes a: firewall - Hardware or software which monitors information going in and out of your computer. anti-virus - A virus is a computer program designed to 'infect' and corrupt a computer and is able to copy itself. The virus can disrupt programs installed on a computeranti-spyware - Software that is installed on a computing device and takes information from it without the consent or knowledge of the user and gives that information to a third party. Set it to scan regularly.Ensure that it is updated automatically. This will help avoid ‘pharming’ – attaching of malicious code on your computer to direct you to a fake website.Pharming[p] is a cyber attack intended to redirect a website's traffic to another, bogus site. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS serversoftware. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather than a corporate business server.Source: http://en.wikipedia.org/wiki/Pharming What are people using? Payvs Free Security SoftwareSecurity Software is not required on mobile devices (smart phones / tablets) or Apple computers – but you should still be aware of cyber-spamming / hacking on these devices
- Develop a backup strategy for your critical data. A good strategy includes daily backups, an additional weekly or monthly backup and offsite storage of at least the weekly back-up media. Test that you can recover with back-up data. Creating a back-up of your data is a sensible and easy way to ensure that in the event of a fire, computer theft or virus infection you can recover all of your business information from your computer or website quickly and easily.The financial cost and time that it takes to create and implement a back up strategy is likely to be only a fraction of what you will spend if you need to recover from a data loss without one.Think of a backup strategy as insurance for your dataMake regular backups of critical data and programs on your computer. Store the backup disks in secure offsite storage. Make sure you avoid needing to recover data by having good security practices in the first place. Install and use security software including a firewall and anti-virus and anti-spyware software. Read more about securing you computer. Use a strong password to secure your back-up. This will make it much more difficult, if not impossible, for someone to view it or misuse it.
- Develop a back-up strategyDevelop a disaster recovery plan. Start by assessing your level of risk and identifying what actions you can take to minimise the risk. Assess what data and programs on your computer need to be backed up and how often. You may either back up all the data and certain programs on your hard drive each time you back up or you may do incremental back-ups. Incremental back-ups only include the files that have changed since the last time therefore saving time and space. Select a back-up device that is large enough to store the files and fast enough so it is not too time-consuming. Examples include CDs, DVDs, memory sticks or an external hard drive. Make a note somewhere obvious, such as in an office diary, reminding you to do the back-up. Test the data that has been backed up successfully and that your process is working properly. Store the back-up copies in a safe location away from your computer systems i.e. away from your home or business premises. Remember putting this information on portable media makes it vulnerable to physical removal so secure it.Discuss with the person next to you whether you are already doing this or what you would need to do to make this work for your business?
- If you do not have a dedicated IT Manager, assign someone person in your organisation to have responsibility for computer security egpassword, backups, AV updates, and minimise the number of users with administrative privileges.
- Strong Passwords:Generally, a strong password has the following attributes:• a minimum length of eight (8) characters; and• a mix of upper and lower case letters; and• at least one numeral; and• at least one non-alphanumeric character; and• does not include a dictionary word in any language.The two main ways criminals defeat strong passwords is by:• using malicious software on your computer that monitors your computer to find your password, by looking in the place where passwords are stored, monitoring your key strokes or screen activity; and• tricking people into disclosing their important passwords, or other sensitive information of value to a criminal – this is called phishing. Ensuring you use a strong password is an important part of staying safe online.Weak passwords can be cracked extremely quickly by computers used by attackers to automatically guess passwords—systematically attempting one password after another.For example, in the US, a computer has been recently built that is capable of guessing any eight character Windows password in just six hours. This system targets older Windows based logons, but has set a new benchmark for the speed at which passwords can be systematically guessed. On average, this computer is capable of making 350 billion password guesses per second—which means it can theoretically attempt every word in the English Dictionary (and more) in an instant.Newer versions of Windows have better encryption and so are significantly more resistant to this attack; however, the sheer speed at which this machine is capable of testing passwords highlights the importance of choosing strong passwords for our everyday purposes. This computer was not expensive to build.Passwords that use common words and numbers, such as your dog’s name or your birthday are far too easy for cyber criminals to guess by setting up such a system—even using an ordinary computer.Cyber criminals attempting ‘brute force’ attacks, as they are described, also often employ vast lists of commonly used passwords, and entire dictionary lists of likely words, as the first combinations they will try.When websites get hacked, any revealed passwords are also often added to lists of commonly used passwords. This means that the most likely passwords any of us use—and variations of them—get tried first of all, dramatically reducing the number of guesses and time attackers require.In many cases this entire process can be done without the knowledge of the victim or website involved. An attacker will take a copy of the list of encrypted passwords from a computer or website, and then with simple software to automate the guessing process, they wait for as many passwords to be cracked as possible.Weaker passwords will tend to crack sooner, while stronger passwords require far more time and more computing effort than is feasible. Password strengthThis is why password strength is a key factor affecting your online security. You want to be sure your password, at a minimum, is not one of the more easily guessed combinations out there.‘Strength’, refers to the overall length of the password as well as the possible character combination you choose: numbers, symbols and upper or lower case letters.A weaker password is shorter and contains a less randomised mixture of all of these.Dates, names, teams, anniversaries, pets and places are frequently used by people for passwords, and so they are also the options attempted first by attackers.‘Password’ is still unfortunately the most commonly used password.A stronger password is a longer and more random mixture of characters.The computer mentioned in this example can crack any eight character (Windows) password in around six hours, while a nine character password would require three weeks, and a ten character password, more than five years.Setting a strong passwordIncreasing the length of your password exponentially increases the time it takes to guess it, so it is wise to choose a longer one.Your passwords should not comprise words, but a random mixture of upper and lower case characters, number and symbols.Stay Smart Online has lots of useful advice about setting strong passwords that you can also remember!This table is an indication of the time taken for the system in this example to guess a password based on the number of characters (assuming a random password chosen from 95 different characters: uppercase, lowercase, numbers, symbols).Source: Stay Smart Online Alert Service 23 Oct 2013 - http://www.staysmartonline.gov.au/alert_service/alerts/how_strong_is_your_password_sso_alert_priority_low
- Strong Passwords:Generally, a strong password has the following attributes:• a minimum length of eight (8) characters; and• a mix of upper and lower case letters; and• at least one numeral; and• at least one non-alphanumeric character; and• does not include a dictionary word in any language.The two main ways criminals defeat strong passwords is by:• using malicious software on your computer that monitors your computer to find your password, by looking in the place where passwords are stored, monitoring your key strokes or screen activity; and• tricking people into disclosing their important passwords, or other sensitive information of value to a criminal – this is called phishing. Write down some possible passwordsHave a bank of themEnsuring you use a strong password is an important part of staying safe online.Weak passwords can be cracked extremely quickly by computers used by attackers to automatically guess passwords—systematically attempting one password after another.For example, in the US, a computer has been recently built that is capable of guessing any eight character Windows password in just six hours. This system targets older Windows based logons, but has set a new benchmark for the speed at which passwords can be systematically guessed. On average, this computer is capable of making 350 billion password guesses per second—which means it can theoretically attempt every word in the English Dictionary (and more) in an instant.Newer versions of Windows have better encryption and so are significantly more resistant to this attack; however, the sheer speed at which this machine is capable of testing passwords highlights the importance of choosing strong passwords for our everyday purposes. This computer was not expensive to build.Passwords that use common words and numbers, such as your dog’s name or your birthday are far too easy for cyber criminals to guess by setting up such a system—even using an ordinary computer.Cyber criminals attempting ‘brute force’ attacks, as they are described, also often employ vast lists of commonly used passwords, and entire dictionary lists of likely words, as the first combinations they will try.When websites get hacked, any revealed passwords are also often added to lists of commonly used passwords. This means that the most likely passwords any of us use—and variations of them—get tried first of all, dramatically reducing the number of guesses and time attackers require.In many cases this entire process can be done without the knowledge of the victim or website involved. An attacker will take a copy of the list of encrypted passwords from a computer or website, and then with simple software to automate the guessing process, they wait for as many passwords to be cracked as possible.Weaker passwords will tend to crack sooner, while stronger passwords require far more time and more computing effort than is feasible. Password strengthThis is why password strength is a key factor affecting your online security. You want to be sure your password, at a minimum, is not one of the more easily guessed combinations out there.‘Strength’, refers to the overall length of the password as well as the possible character combination you choose: numbers, symbols and upper or lower case letters.A weaker password is shorter and contains a less randomised mixture of all of these.Dates, names, teams, anniversaries, pets and places are frequently used by people for passwords, and so they are also the options attempted first by attackers.‘Password’ is still unfortunately the most commonly used password.A stronger password is a longer and more random mixture of characters.The computer mentioned in this example can crack any eight character (Windows) password in around six hours, while a nine character password would require three weeks, and a ten character password, more than five years.Setting a strong passwordIncreasing the length of your password exponentially increases the time it takes to guess it, so it is wise to choose a longer one.Your passwords should not comprise words, but a random mixture of upper and lower case characters, number and symbols.Stay Smart Online has lots of useful advice about setting strong passwords that you can also remember!This table is an indication of the time taken for the system in this example to guess a password based on the number of characters (assuming a random password chosen from 95 different characters: uppercase, lowercase, numbers, symbols).Source: Stay Smart Online Alert Service 23 Oct 2013 - http://www.staysmartonline.gov.au/alert_service/alerts/how_strong_is_your_password_sso_alert_priority_low
- Develop clear policies for staff using your computer or network. Ensure that staff understand how they are allowed to use email and the internet. A computer security policy is a document that covers the rules and practices that you want your staff to follow when working with e-mail, browsing the Web, and accessing confidential data stored in your system. A security policy can help your organisation reduce security breaches and data loss by helping employees follow through with safe and secure computing practices.In some cases you may find your customers and/or suppliers demand that you have a security policy in place that they can review - especially if you may be formally linking into their IT systems
- A security policy may cover:Acceptable use - how staff use email and the internet. Should certain websites be blocked to staff? Should there be a restriction on the size of email attachments? Handling sensitive data - who and how should sensitive data be handled and stored. Securing and handling equipment - is there a system in place to track who is using equipment in the organisation? Using internet safely - what system is in place to ensure anti-virus, anti-spyware, operating systems, Web browsers and other software are kept up to date? Remote access - what is the system to ensure security is maintained while accessing the work from the road or at home?Web browser setting – increase the security levels in your web browser, stop/switch off cookies.
- Develop a 'culture of security'. Businesses need to have Internet security measures in place and make sure staff are aware of and follow internet security practices. When creating your security policy, identify and work on securing the IT assets that impact your business the most. – What are your IT assets?Implement a process of reporting breaches. If staff are able to report breaches confidentially they may be more willing to report at all. Set clear policies on what websites employees can and can not access. Staff need to know what is expected of them when using email and the internet at work. Keep your security policy up to date. Review the security policy yearly to ensure it is still relevant. Stay up to date on cyber security issues. Subscribe to the Stay Smart Online Alert service to keep up to date on the latest security and network vulnerabilities. Develop clear rules for staff so that they understand what they need to be aware of and their responsibilities. You should also have clear policies on personal use and what is, or isn't, allowed. Provide induction training for new employees. It is a good time to introduce staff to your security polices and practices. Keep staff up-to-dateDescribe the ‘culture of security’ within your business
- Use software from reputable sources. Keep your software patches up-to-date,ie a fix for a software program, also known as a software updateIt is possible that flaws within software (called vulnerabilities) can allow hackers to remotely access and take control of your computer.These vulnerabilities exist in the operating system (Windows, Linux, Mac OS etc) and the applications that are installed on your computer (browsers, media players, word processing etc).When software providers become aware of vulnerabilities in their products, they often issue an update to the software to fix the problem. These updates are also known as patches. Similar to the way fabric patches are used to repair holes in clothing, software patches repair holes in software.Most of the software that you have installed on your computer can be updated automatically if the computer is connected to the internet.Update your web browser to the latest version. Web browsers are regularly updated to fix security flaws, so it is important to update your web browser to the latest version.Install your smartphone updates
- Use spam filters to reduce the amount of spam that your business receives.Know how to manage the spam that gets through and ensure your staff know how to recognise scam and hoax emails and to avoid clicking on links or opening attachments from suspicious emails. Email viruses, worms and Trojans are capable of harming your business computer system and with it your ability to conduct your business.Email is one of the easiest and fastest means of business communication. As with any form of communication that is cheap and easy it is open to abuse. Spam-the electronic equivalent of 'junk mail'-now makes up the majority of email traffic. Spam includes electronic mail as well as mobile phone messaging such as SMS and MMS.Because businesses often advertise their email addresses they are likely to receive greater volumes of spam than home users. This not only has an impact on productivity, but spam can also carry viruses, worms and Trojans through malicious code in attachments and commands embedded in seemingly normal messages.If you use email to conduct your business you need to know how to reduce the spam you receive and to securely manage what does reach your inbox. You also need to be aware of your legal obligations to ensure any electronic messages you send to consumers do not breach Spam Act or the Australian E-marketing code of practiceDo not to open email attachments or click on hyperlinks in emails from unknown or questionable sources. It is not enough that the email originated from an address you recognise. Don't ever reply to spam. This is likely to compound the problem by confirming your email address to the spammers. Report spam to the Australian Communications and Media Authority (ACMA) at www.spam.acma.gov.au or phone 1300 855 180. Spam SMS can be reported to 0429 999 888Watch out for spam / viruses via inboxes/direct messages in social media spaces too.
- Being able to access the office while on the road can provide increased productivity and flexibility. However, it is important to ensure your equipment and connection is secure so that your network is not vulnerable or your sensitive business information exposed.Remote access can create a number of security risks for your otherwise secure network. When you open up your network to connections from an external source you increase the risk that this connection can be used by a third party to access your network or that business information can be intercepted. You need to ensure that you secure access so that only legitimate users can access your network and that you encrypt data to prevent theft. Securing remote access requires a degree of technical knowledge. If remote access is an important part of your business, and you transmit sensitive business information, it may be worthwhile to invest in specialist advice from a computer expert.Seek expert advice. Securing your remote access requires a degree of technical knowledge so seek expert advice from a computer professional if needed. Install up-to-date security software (firewall, antivirus and anti-spyware) on remote devices. Ensure that your network is also secure and security software is also up-to-date. Make sure that staff using laptops do not set their computer to log-in automatically. Make sure that they don't store their password on their laptop. Delete staff remote access privileges once they are not needed. For example, don't let someone who has left the company retain access to your network.
- Selling online can be great for your business as it expands your potential customer base to all those connected to the internet. But it also can expose your business to fraudsters, cyber vandals and criminals.Fraudulent purchases can result in lost revenue and reputation and dealing with credit card chargebacks can be time consuming and make it difficult to assess your current financial position. Having an online shop can expose your systems to unauthorised access and theft of customer information such as credit card details. Vandals and criminals can also attempt to disrupt your business through denial of services attacks, typically to extort money.To take full advantage of the digital economy you need to put in place some simple security measures so your business and your customers are protected.Keep a look out for suspect online orders. Taking steps to verify a buyer is genuine when you receive an order will save you the potential hassle of a credit card charge back later, and may prevent fraud. Secure your e-commerce website. Use the latest version of your e-commerce software and make sure your server is secure (see secure your computers and servers). Use strong passwords and change them regularly. Particularly in securing customer financial data. Don't store private customer data and credit card details on a public e-commerce server. Store these details offline Regularly monitor and test your e-commerce systems. Conduct penetration tests of your systems and audit your security practices to ensure best practice.
- Create a secure online presenceIf your business has an online presence, you should also assess the security of your website, email accounts, online banking accounts and social media profiles.For example, secure socket layer (SSL) technology is used to encrypt transaction data and to send customer and card details to the acquiring bank for authorisation. You should ensure any web hosting solution you consider is capable of supporting the SSL protocol.
- Keep yourself informed about the latest cyber security risks. Subscribe to email notification services that keep you informed about the latest cyber security risks and solutions. See our Alert Service.Get people to subscribe
- What did you find out about your business?http://www.staysmartonline.gov.au/business/home_based_businesses/questionnaire
- What will you investigate further and why?
- Ask participants to complete the online workshop evaluation